From 8bc30c88513a0782f91eae7e1280bb9f41d4d8f7 Mon Sep 17 00:00:00 2001 From: John Johansen Date: Thu, 15 Dec 2011 05:12:30 -0800 Subject: [PATCH] Replace usage of NodeSet with ProtoState in dfa creation. Signed-off-by: John Johansen Acked-by: Kees Cook --- parser/libapparmor_re/Makefile | 2 +- parser/libapparmor_re/hfa.cc | 33 +++++++++++++++++++++------------ parser/libapparmor_re/hfa.h | 19 ++++++++++++++----- 3 files changed, 36 insertions(+), 18 deletions(-) diff --git a/parser/libapparmor_re/Makefile b/parser/libapparmor_re/Makefile index 3e58e4d0f..ebd0efa14 100644 --- a/parser/libapparmor_re/Makefile +++ b/parser/libapparmor_re/Makefile @@ -4,7 +4,7 @@ TARGET=libapparmor_re.a CFLAGS ?= -g -Wall -O2 ${EXTRA_CFLAGS} -CXXFLAGS := ${CFLAGS} +CXXFLAGS := ${CFLAGS} -std=c++0x ARFLAGS=-rcs diff --git a/parser/libapparmor_re/hfa.cc b/parser/libapparmor_re/hfa.cc index c805467c6..d21882dd9 100644 --- a/parser/libapparmor_re/hfa.cc +++ b/parser/libapparmor_re/hfa.cc @@ -35,6 +35,15 @@ #include "hfa.h" #include "../immunix.h" +ostream &operator<<(ostream &os, const ProtoState &proto) +{ + /* dump the state label */ + os << '{'; + os << proto.nodes; + os << '}'; + return os; +} + ostream &operator<<(ostream &os, const State &state) { /* dump the state label */ @@ -44,15 +53,15 @@ ostream &operator<<(ostream &os, const State &state) return os; } -State *DFA::add_new_state(NodeMap &nodemap, - NodeSet *nodes, State *other, dfa_stats_t &stats) +State *DFA::add_new_state(NodeMap &nodemap, ProtoState &proto, + State *other, dfa_stats_t &stats) { - State *state = new State(nodemap.size(), nodes, other); + State *state = new State(nodemap.size(), proto, other); states.push_back(state); - nodemap.insert(make_pair(ProtoState(nodes), state)); - stats.proto_sum += nodes->size(); - if (nodes->size() > stats.proto_max) - stats.proto_max = nodes->size(); + nodemap.insert(make_pair(proto, state)); + stats.proto_sum += proto.size(); + if (proto.size() > stats.proto_max) + stats.proto_max = proto.size(); return state; } @@ -75,7 +84,7 @@ State *DFA::find_target_state(NodeMap &nodemap, list &work_queue, /* set of nodes isn't known so create new state, and nodes to * state mapping */ - target = add_new_state(nodemap, nodes, nonmatching, stats); + target = add_new_state(nodemap, index, nonmatching, stats); work_queue.push_back(target); } else { /* set of nodes already has a mapping so free this one */ @@ -97,7 +106,7 @@ void DFA::update_state_transitions(NodeMap &nodemap, list &work_queue, * sets of nodes. */ Cases cases; - for (NodeSet::iterator i = state->nodes->begin(); i != state->nodes->end(); i++) + for (ProtoState::iterator i = state->proto.begin(); i != state->proto.end(); i++) (*i)->follow(cases); /* Now for each set of nodes in the computed transitions, make @@ -136,7 +145,7 @@ void DFA::dump_node_to_dfa(void) " State <= Nodes\n" "-------------------\n"; for (Partition::iterator i = states.begin(); i != states.end(); i++) - cerr << " " << (*i)->label << " <= " << *(*i)->nodes << "\n"; + cerr << " " << (*i)->label << " <= " << (*i)->proto << "\n"; } /** @@ -163,10 +172,10 @@ DFA::DFA(Node *root, dfaflags_t flags): root(root) } NodeMap nodemap; - NodeSet *emptynode = new NodeSet; + ProtoState emptynode = ProtoState(new NodeSet); nonmatching = add_new_state(nodemap, emptynode, NULL, stats); - NodeSet *first = new NodeSet(root->firstpos); + ProtoState first = ProtoState(new NodeSet(root->firstpos)); start = add_new_state(nodemap, first, nonmatching, stats); /* the work_queue contains the states that need to have their diff --git a/parser/libapparmor_re/hfa.h b/parser/libapparmor_re/hfa.h index 8719eb426..5739e55fc 100644 --- a/parser/libapparmor_re/hfa.h +++ b/parser/libapparmor_re/hfa.h @@ -70,6 +70,10 @@ public: */ class ProtoState { public: + typedef NodeSet::iterator iterator; + iterator begin() { return nodes->begin(); } + iterator end() { return nodes->end(); } + NodeSet *nodes; ProtoState(NodeSet *n): nodes(n) { }; @@ -78,6 +82,7 @@ public: return nodes < rhs.nodes; } + unsigned long size(void) { return nodes->size(); } }; /* @@ -97,8 +102,8 @@ public: */ class State { public: - State(int l, NodeSet * n, State *other) throw(int): - label(l), audit(0), accept(0), trans(), nodes(n) + State(int l, ProtoState &n, State *other) throw(int): + label(l), audit(0), accept(0), trans() { int error; @@ -107,8 +112,10 @@ public: else otherwise = this; + proto = n; + /* Compute permissions associated with the State. */ - accept = accept_perms(nodes, &audit, &error); + accept = accept_perms(n.nodes, &audit, &error); if (error) { //cerr << "Failing on accept perms " << error << "\n"; throw error; @@ -119,9 +126,11 @@ public: uint32_t audit, accept; StateTrans trans; State *otherwise; + + /* temp storage for State construction */ union { Partition *partition; - NodeSet *nodes; + ProtoState proto; }; }; @@ -144,7 +153,7 @@ typedef struct dfa_stats { class DFA { void dump_node_to_dfa(void); State *add_new_state(NodeMap &nodemap, - NodeSet *nodes, State *other, dfa_stats_t &stats); + ProtoState &proto, State *other, dfa_stats_t &stats); void update_state_transitions(NodeMap &nodemap, list &work_queue, State *state, dfa_stats_t &stats);